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An effective key management plays a crucial role in imposing a resilient 
security technique in Wireless Sensor Network (WSN). After reviewing the 
existing approaches of key management, it is confirmed that existing 
approachs does not offer good coverage on all potential security breaches in 
WSN. With WSN being essential part of Internet-of-Things (IoT), the 
existing approaches of key management can definitely not address such 
security breaches. Therefore, this paper introduces a Framework for Secure 
Data Aggregation (FSDA) that hybridizes the public key encryption 
mechanism in order to obtain a novel key management system. The proposed 
system does not target any specific attacks but is widely applicable for both 
internal and external attacks in WSN owing to its design principle. The study 


Security outcome exhibits that proposed FSDA offers highly reduced computational 

Wireless Sensor Network burden, minimal delay, less energy consumption, and higher data 
transmission perforance in contrast to frequency used encryption schemes in 
WSN. 
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1. INTRODUCTION 

A wireless network is always shrouded by different forms of networking challenges that not only 
affects communication process about also equally affects the security features [1]. From different forms of 
wireless networks, Wireless Sensor Network (WSN) is one of the most successful deployments in 
commercial market. A sensory node assists in performing data aggregation from the environment where it is 
completely exposed to swarm of attackers. Till last decade, there has been various studied associated with 
attacks [2] and security solutions [3], [4] but none of them are claimed to be 100% resilient against all the 
attacks. Majority of the existing approaches towards security in WSN are mainly cryptographic in nature 
whereas there also exists studies that are non-cryptographic in nature e.g. [5], [6]. The cryptographic 
approaches mainly deals with key management system followed by iterative encryptions using either 
symmetric or asymmetric keys while non-cryptographic approaches deals with observation of certain form of 
significant behaviour of nodes followed by formulation of rule set to offer inference to such behaviour in 
terms of malicious or regular pattern. 

In last 5 years, there has been various forms of improvement in WSN where heterogeneity is further 
studied in order to make it well prepared to be used in reconfigurable networks like Internet-of-Things 
(IoT) [7]. IoT is complete a new concept to design a smart city and calls for mainly integrating WSN with 
pervasive environment like cloud computing [8]. However, the biggest security concern in this regards are i) 
the attacks studied in WSN are very different from that in cloud environment, which has most potential to 
induce collateral network damage, ii) the translation mechanism of control message (generated from query 
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system) is quite challenging to be realized if heterogeneous WSN is integrated with cloud (at present IoT is 
implemented either in low scale network or in homogenous network), iii) identification of attacks from either 
side is quite difficult and has good chance of bypassing any firewall system if the security protocols doesn’t 
have wide consideration of its environmental parameters, and iv) cost effectiveness is not emphasized in IoT 
nodes as majority of the IoT nodes do have fair possibilities of resources when demanded (unlike 
conventional WSN). There are also various studies on IoT that discuses about security improvement but very 
less work has been actually carried out till date owing to the novelty of the technology [9], [10]. With new 
levels of features being incorporated within IoT there is one thing that is going to be always there and that is 
data aggregation. Unlike conventional WSN, IoT offers data aggregation from only registered nodes but 
with new proliferation of mobile nodes it is very likely that adoption of mobile nodes will be leveraged for 
performing dynamic data aggregation. 

Hence, an effective key management scheme is highly demands in this. Normally, the biggest 
challenge in forming a novel key management technique is to select the process of generation of key, which 
has to be motivated from certain existing encryption scheme. Unfortunately, existing encryption schemes are 
too specific of attacks and hence their applicability is quite narrowed [11]-[13]. There is a need of such 
design principle that can be equally applicable for resisting intrusions in WSN. Hence, we introduce one such 
solution by harnessing the potential features of public key encryption system in order to generate a 
lightweight ciphering policy that can be claimed for secure key management scheme in WSN. We also show 
that it is feasible for contruct a robust encryption scheme that is less iterative and more progressive without 
much demands of resources for its execution. Section 1.1 discusses about the existing literatures where 
different techniques are discussed for detection schemes used in power transmission lines followed by 
discussion of research problems in Section 1.2 and proposed solution in 1.3. Section 2 discusses about 
algorithm implementation followed by discussion of result analysis in Section 3. Finally, the conclusive 
remarks are provided in Section 4. 


1.1. Background 

This section updates research approaches towards strengthing key management followed by our 
prior investigation [14]. The work carried out by Wang et al. has presented a clustering approach for 
improving security in WSN using a verification of message [15]. Porambage et al. have introduced an 
authentication scheme for improving key management on certificates [16]. Study on mobile networks with an 
emphasis of key management was carried out by Kang et al. [17]. The authors have used key sharing 
approach as well as rekeying approach that is claimed to maintained better forward-backward secrecy. Lee et 
al. have presented a typical encryption scheme meant for securing ubiquitous devices [18]. Chen et al. have 
presented their key management scheme using symmetric encryption approach applicable on heterogeneous 
network [19]. Pereira et al. have investigated the security strength of different encryption techniques on 
Internet-of-Things (IoT) [20]. 

Adoption of Elliptical Curve Cryptography has been seen in work of Ibrahim and Dalkilic for secure 
transmission of node tags ID using mutual authentication process [21]. Sarkar and Mukherjee have discussed 
their key Predistribution scheme which has been repeatedly used even in past with few evidences of 
benchmarking [22]. Qi et al. have implemented a compressive sensing along with block encryption of 8-bit 
integer on sensor data [23]. Wu et al. have presented a framework design that performs identification of 
attacks using virtualization and software defined networks [24]. Deng et al. have used a stochastic approach 
for securing physical layers in WSN using multiple sink approach [25]. Umar et al. have used a cross-layer 
based approach that allows the trust factor to be used along with fuzzy logic implementation in order to offer 
resource security in WSN [26]. 

Nearly similar approach on physical layer as well as trus-based approach of security has also been 
carried out by Zhu et al. [27] as well as Qin et al. [28]. Shin et al. have presented a route optimization-based 
approach using trust factor for fault tolerant implementation of communication security in IoT [29]. Guan 
and Ge have used a random modeling approach using probability scheme for resising jamming attack in 
WSN [30]. Dai et al. have presented a verification method on its encoding system for minimizing the cost 
involved in secure query process [31]. The mechanism uses hashing and symmetric encryption. Al-Turjman 
et al. have presented a key aggrement strategy hat offers secure communication using mobile sinks with an 
aid of elliptical curve cryptography [32]. A framework for investigating the security strength of harvester 
node is designed by Vo et al. [33]. 

The authors have also presented a scheduling approach for improving the security upon physical 
layer. Lu et al. have presented a discussion of various conventional encryption schemes used in WSN [34]. 
There is various scale of security approaches used in improving key management techniques in recent times 
with more dominancy of usng elliptical curve cryptosystem, Secured Hash Algorithm (SHA), Advanced 
Encryption Standard (AES), etc. However, all of these approaches are also featured by pitfalls that are 
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required to be addressed in order to obtain supreme security. The next section briefs about such pitfall 
followed by proposed solution for addressing such pitfalls. 


1.2. Identification of Issues 
The unaddressed issues explored after reviewing existing approaches are: 
a. Usage of complex and highly iterative cryptographic approaches ensures higher degree of security but 
doesn’t emphasize on its applicability on sensors with constraints of resources. 
b. Elliptical Curve Cryptography offers lightweight encryption by controlling the minimum key size but 
on the other hand it also increases the ciphered message size that results in complexity. 
c. Existing approaches of digital signatures doesn’t discuss the cost of certificate revocation which is not 
only expensive affair but also offer insecurity of its private keys. 
d. Usage of digital signatures has higher involvement of computational time that could introduce 
significant amount of network delay and hence not much supportive for emergency application. 
Therefore, the statement of the problem is “Constructing a unique encryption scheme using public 
key cryptography that could offer lightweight features with maximum coverage of security standards in 
wireless environment of sensory application.” The next section outlines proposed solution. 


1.3. Proposed Solution 

This paper presents an extended version of our previous investigation [35] towards a novel key 
deployment strategy. This paper further optimizes the security feature by hybridizing the potentials of 
elliptical curve cryptography and digital signature. Figure 1 highlights the adopted scheme of proposed 
system. 
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Figure 1. Adopted schema of proposed system 


The above shown scheme is mainly intended for higher degree of privacy, confidentiality, as well as 
data integrity by hybridizing approach. The proposed system considers the potentials of generating higher 
degree of private keys by elliptical curve cryptography however they are higher in number that could 
introduce significant amount of computational complexity in low powered sensors. Hence, the proposed 
system considers the reference point derived from the order of elliptical curve in order to ensure that only the 
best value of private could be considered in each passes. The next contribution of proposed system is that it 
doesn’t use conventional digital signature as it is expensive in terms of large scale deployment over the 
sensors. 

Hence, the proposed system hybridizes both of them and generates two algorithms ie. 1* algorithm 
uses random approaches in order to generate a security token which will be used for ciphering the message 
by the transmitting node in order to forward it to the receiver. On the other hand, the receiver node will use 
public key cryptography as well as second algorithm in order to perform validation of the received security 
token. A successful identification of security token allows authorization on the received message. Any form 
of man-in-middle attacks will not be able to decrypt the content of the message eventually having possessin 
of same public key. Hence, the novel contribution of proposed system is that it offers better security coverage 
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from maximum threats in WSN using a lightweight and hybrid encryption technique. The next section 
discusses about the algorithm implementation. 


2. ALGORITHM IMPLEMENTATION 

The proposed algorithm presents a novel design of digital signature that is constructed by enhancing 
the structure of elliptical curve cryptography. The construction of this novel algorithm results in generation of 
a security token that will be further subjected to validation process. This section will discuss about the 
mechanism adopted in order to enhance the operations undertaken by elliptical curve cryptography with a 
prime intention of leveraging data integrity, privacy, as well as confidentiality. Following are the description 
of implemented algorithm. 


2.1. Algorithm for Generating Security Token 

In order to maintain a better form of confidentiality of the data as well as node’s identity it is 
essential that proposed system should develop such a mechanism that could dynamically perform secure 
generation of digital signature. Hence, the prime responsibility of the proposed algorithm is to generate a 
highly dynamic and secure token that consistently alters in every communication process as well as is also 
lightweight in nature. The algorithm takes the input of Ou (upper limit of order), a (arbitrary value of integer 
type) that after processing results in generation of Stok (security token). The steps of the algorithm are as 
follows: 


Algorithm for Generating Security Token 
Input: O, (upper limit of order), a (arbitrary value of integer type) 
Output: Stok (security token) 

Start 

1. init Ou, 

2. Choose aj 

3. Compute O=p; | Ou | 

4. If 0=0 

5. Go to Step-2 

6. Else 

7. Compute o,> o(b, 0) 

8. Estimate o=6+a,|O,| 

9. If o=0 

10. Go to Step-3 

11. Else 

12. Obtain sicoc>(O, a) 

End 


The algorithm starts by initiating upper limit of order Ou captured from the elliptical curve (Line-1). 
The execution of the algorithm begins by transmitting sensor node initiating a communication with receiving 
sensor node. In this process, the first step is to perform an arbitrary selection of a; whose value ranges 
between | and (O,-1) (Line-2). This is the first novelty which reduces computational complexities associated 
with elliptical curve cryptgraphy by selecting one point within its order scope and not all the infinite number 
of points in its curve. The next step of implementation is to compute 9 that will be required in generation of 
security token at the end (Line-3).The computation of 8 is carried out by scalar product of positional 
information pı and upper limit of order in elliptical curve Ou (Line-3). 

It should be known that (p1, q1) represents the positional information of a node whose empirical 
value is considered to be equivalent to arbitrary integer value al and function of reference point f(ps, qr). The 
function of reference point is considered to lie within the elliptical curve and its order is considered is 
maximum score of Oy. This mechanism contributes to novel amalgamation of new digital signature as well as 
ellipitical curve cryptography. The next part of implementation is to compute an encryption attribute o 
applied on beacon (or control message) b and computed variable 0 (Line-7). It can be also noted that under 
any circumstances, the value of this variable 0 is considered as non-zero number (Line-4 and Line-5). This 
process is followed by generation of preliminary security token a by adding up a new variable B and scalar 
product of arbitrary integer value a; with upper limit of order O. in eliptical curve cryptography. 

We perform the evaluation of new variable B as product of i) variable 0 obtained from Line-3, ii) an 
arbitrary integer [1 (O,-1)] that is always considered to be its private key, and iii) o; obtained from Line-8. 
We also ensure that the empirical value of the preliminary security token a is always non-zero and finally the 
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algorithm leads to selection of final set of security token stox acquired from variable 8 obtained from Line-3 
and variable a obtained from Line-8. A closer look into the above algorithmic steps will show that it hybrids 
the elliptical curve cryptography with typical signature in order to generate a light weight and dynamic 
security token that is required to maintiain higher degree of privacy as well as confidentiality. At the same 
time, the algorithm also contributes to minimization of the computational overhead as well. 


2.2. Algorithm for Validating the Security Token 

The execution of this algorithm could only begin after successful generation of security token by the 
transmitting sensor node. This generation security token is then forwarded to receiving sensor node where the 
the latter performs validation. The input to this algorithm is six (secure token) and kp» (public key) that 
results in outcome of V+ / V- (Successful/failed validation). The important steps of the algorithm are as 
follows: 


Algorithm for Validating the Security Token 
Input: sox (secure token), Kpub (public key) 
Output: V+ / V- (Successful / failed validation) 
Start 

1. If kpuw40 

2. If kp» CEC 

3. successful 1“ stage of validation 

4. End 

5. End 

6. If (0, a)€ Z-1 Z is integer 

7. Compute o1> o(b, 0) 

8. Compute P>af- B/O,| 


9, If 8=p,|O,| 

10. Vt flag Sto as valid 
11. else 

12. V->flag stok as invalid 
13. else If 

14. V->flag stok as invalid 
15. End 

End 


Before trying to understand the implementation scheme of the above validation algorithm, it is 
essentialto understand one important assumption that a receiving sensor node must have a replica or access of 
public key kpuw of transmitting sensor node. Otherwise, this validation cannot be performed. The complete 
process of validation of the received security token by the receiving sensor node is carried out in two stages 
viz. primary stage and secondary stage. In the primary stage, the algorithm checks if there is presence of non- 
zero public key (Line-1). In case of non-availability of non-zero public key, the communication is aborted 
instantly stating that its external attack scenario. However, if it is valid than it checks if the numerical value 
of this public key kpup actually resides within the ranges of elliptical curve (Line-2). 

This completes the primary validation stage. The next step of the algorithm targets to perform 
secondary validation of obtained security token Siok. For this purpose, it ensures that both the variables 0 and 
a should be of integer type as well as their scope has to be mandatorily reside within lower limit of 1 and 
higher limit of (O.-1) (Line-6). In case of exploration of non-integer value type, the algorithm considers it 
equivalent to eavesdropping or message tamepering and thereby it flags the obtained security token as invalid 
(Line-14). Upon confirming that they (0 and a) areof integer type than the algorithm performs computation of 
encryption attribute o; by applying any form of cryptographic function on the control message b and ©. It 
should be noted that the implemented function o (Line-7) is similar to that used in previous algorithm of 
security token generation. 

The next validation step of the algorithm calls for computing the a single communication vector of 
positional information i.e. P, whereP =(py, p2). It should be noted that position information of transmitting 
and receiving nodes are (pı qi) and (p2 q2) respectively. This computation of single communication vector of 
positional information P is empirically formed to be corresponding to af- B|O,| (Line-8). A closer look into 
this empirical formulation wil show that first component is a scalar product of preliminary security token a 
and function of reference point fpr qr) while the second component corresponds to B and upper limit of order 
i.e.Ou. The empirical value of P is considered same as product of variable 0 and an arbitrary integer [1 (Ou-1)] 
that is always considered to be its private key. The final step of validation of security token is carried out by 
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checking of value of the variable 6 is equivalent to p,|O,| (Line-9). If the left hand side of expression 
exhibited in Line-9 is not found equivalent to right hand size than the algorithm confirms that obtained 
security token is highly invalid. 

An interesting fact about this algorithm construction is that their false statement precisely 
corresponds to the attack scenario which could begenerated from any node. Hence, the algorithm doesn’t 
allow the routing to be confirm and aborts the connection once the first stage of validation itself fails. Hence, 
in a smart manner, the algorithm offers security to its neighboring nodes also. Moreover, owing to utilization 
of non-recursive approach, the algorithm offers significant advantage in terms of communication efficiency 
with reduced computational burden apart from its security capablity. 


3. RESULT ANALYSIS 

This section outlines the outcomes obtained after implementing the proposed FSDA using 
MATLAB. For this purpose, we perform simulation study with 1000 sensors bearing configurations of 
MEMSIC nodes. The simulation area is considered to be 1100x1300m? with 10 meters of transmission range. 
As the proposed study introduces a hybrid approach with elliptical curve cryptography as well as digital 
signature hence it is anticipated to offer lightweight encryption scheme for claiming an effective key 
management scheme. This lightweight feature can be only proven if the algorithm offers less computational 
burden and equivalently maintains optimal communication performance. Therefore, we choose to consider 
algorithm processing time, end-to-end delay, energy consumption, and packet delivery ratio as the 
performance parameter. The study also performs comparative analysis with the most frequently implemented 
encryption schemes of key management. 

The outcomes clearly indicates that proposed system offers significantly better outcomes in 
comparison to existing AES or SHA. From the Table 1, it can be seen that proposed system offers 
approximately 64.67%, 63.12%, 4.94%, and 60.02% of improvement with respect to overall energy 
consumption, overall delay, packet delivery ratio, and algorithm processing time. Owing to non-recursive 
based operation, FSDA exhibits lower algorithm processing time Figure 2 and it offers enhanced security 
with faster response time with increasing iterations. This also offers complimentary benefits to delay factor, 
which is found to be extremely less Figure 3. 


Table 1. Summary of Percentage of Improvement 
Overall energy Packet Delivery Algorithm Processing 


i OJ 
Technique Consumption (%) Overall Delay (%) Ratio (%) Time (%) 
AES 39.28 51.54 29.73 45.42 
SHA-2 52.08 44.81 14.77 47.39 
FSDA 26.69 33.23 49.44 32.79 
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Figure 2. Comparative evaluation of algorithm processing time 


The proposed system also make use of first order radio energy model that essentially computes 
energy dissipation in order to find that FSDA consumes less energy and hence offers network longevity 
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Figure 4. Finally, the number of encryption steps are not massive for which reason more number of resources 
are available for longer duration resulting in an effective resource allocation. This causes significant 
improvement in exploring better communication channel with utmost security Figure 5. The trend of 
increasing pattern of packet delivery ratio over increasing number of neighboring nodes not only show its 
better scalability performance but also exhibits that FSDA offers non-repudiation along with data 
integrity,privacy and confidentiality. Hence, applicability of FDSA is more for any sensory application that 
demands longer term of security surveillance over uncertain communication as it offers equal resistivity 
performance to maximum attacks. 
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Figure 3. Comparative evaluation of delay 
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Figure 4. Comparative evaluation of energy consumption 
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Figure 5. Comparative evaluation of packet delivery ratio 
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4. CONCLUSION 

Security is one of the most challenging problems in WSN irrespective of massive amount of 
research work beng carried out till date. We observed that existing approaches of key management 
emphasizes on specific form of attacks which narrows down the applicability of key management when the 
attack scenario is changed. At the same time, we find that there are much potential of using elliptical curve 
cryptosystem in order to generate private keys but the process is too much recursive and leads to increased 
message size. At the same time, usage of digital signature is not too cost effective owing to its dependencies 
on certificates. Hence, we hybridize both elliptical curve cryptosystem as well as signature in order to 
construct a novel algorithm. The study outcome shows that proposed algorithm offers significant data 
integrity, confidentiality, and privacy in its process and is found to offer suitable balance between such 
security demands and communication performance. 
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